

“They need to understand that GDPR is not just a project that needs to be implemented, but something that needs to be maintained for the life of the business,” he told EEMA’s ISSE 2017 conference in Brussels.

Although it is not necessary to go into great detail about the GDPR, Thyssens said the board needs to understand why it needs to be done and why the investment needs to be made.

“It really is an investment because, like any good investment, it is something that offers a return – you get money out because it helps build customer trust,” he said.

According to Thyssens, boards are only likely to get confused if they are told organisational changes are required to adapt, that there is a legal and contract basis to implement and some security and ICT processes to do, and that compliance and risk, finance, HR, communications and marketing are involved because there is an opportunity to make money.

At the same time, he said it is important that boards do not lose sight of all that needs to be done and do not develop “tunnel vision” where they believe that preparations for GDPR are on track just because the legal and security aspects are being addressed.

Plug the GDPR gap

“There are often gaps in GDPR implementations, where organisations tend to focus on the legal aspects, contracts, security and data protection officers, but tend to forget other key elements,” said Thyssens.

Organisations are more likely to forget things such as data inventory, data privacy impact assessments and staff awareness, even though proof of all these things will be required in the event of a GDPR audit.

“Like any good investment, GDPR offers a return – you get money out because it helps build customer trust”
Herwig Thyssens, T-Systems Belgium

“A data inventory can be difficult to create, and many organisations are not completely sure where specific kinds of data are stored and who owns the data, which some organisations find very difficult to answer, but it is key to GDPR compliance.”

Organisations most commonly fail to address issues around how the organisation will be affected, international data flows, data retention, backups and privacy by design.

“Data retention is likened to inventory, but even if an organisation knows where the data is, some find it too difficult to decide how long to keep it, which is a basic question GDPR auditors will ask,” said Thyssens.

In terms of privacy by design requirements, he said organisations with a high level of maturity should task business process owners to look at their processes to assess the impact of the GDPR and what needs to change.

“In organisations with low maturity, my advice is to make sure the board is involved so it can drive this forward, because it will not happen automatically, and that there is a dedicated team assigned to the project to co-ordinate and drive it across business functions,” he said.

With just over six months to go before the GDPR compliance deadline, Thyssens said organisations should consider if they have done all these things, identify their gaps and address them immediately, because time is running out.
